This is my first question in any stackexchange board, but I've been reading Stack Overflow answers for a few months. I hope this question is appropriate for this one.

I am developing a simple Android game using Java and libgdx. I want to make a typical ranking, a player who completes a level is awarded some points, and his score is compared with other players who sent theirs. This is all ok (well I still need to find a way to store players' scores). On the other hand, I may want my project to be released as an open source project, so others can look at its code freely. My question is, if anybody can get this code, modify it in order to get some advantatge, compile this game, and load it onto an Android device, how can I stop him/her from sending his/her score? It would by unfair to let them send highscores with a different game.

2 Answers
2

You could release the whole game with the exception of a file that stores the private key of your game. When something sends a score, you send back a random string that is encrypted with the game's public key. You only accept the score if the program sends back the original message. This should work as long as the file with the private key cannot be extracted from the compiled version of your game.

From my perspective, you should share your entire source code so anyone could make his own version of the game and run his ranking server instance.

Cheating is not the only thing that may worry you, for example imagine that someone starts making huge petitions to your server and you will pay that expenses.

What I recommend is that you release the entire source code and let anyone mount it´s own server instance for the rankings. As BerndBrot says, do not share your dbconnect or whatever file with the credentials to modify the rankings.